Hi John, On 25-05-2021 03:36, John Scott wrote: > Other quality assurance toolings like American Fuzzy Lop (the fuzzer) > often feature a "trophy case" of real-world issues that've been caught. > I wonder if anyone is interested in perhaps making a wiki page for > this, or might would know of any especially notable issues that were > successfully caught (be they Debian packaging mistakes or upstream > bugs). > > It might be a good motivator for maintainers otherwise on the fence to > add tests. Thanks for the idea, there have been several of those notable issues. Unfortunately, due to the shear amount of real bugs (but not really notable) I fail to provide a list at this moment. I'll try to keep your idea in mind though and note down notable issues when they occur in the future. If you're ambitious, you could go through: https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=debian-ci@lists.debian.org;ordering=ci-tag-sorted Some bugs from there that jump at me: 902628 [n|U|☺↝♲☣] [src:curl] curl: segfaults with http2 on libcurl 7.60.0 907015 [S| |♲☣] [src:openssl] openssl version 1.1.1 breaks multiple reverse dependencies; versioned Breaks needed 910263 [S|⛺|☺♲☣] [src:openmpi] openmpi: segfault during lammps and liggghts autopkgtest 914482 [S| |=☺♲☣] [src:gdcm] gdcm: ABI break And here I stopped because I also realize *again* that while build tests may find issues with your package, autopkgtest are a great way to discover issues with your dependencies. Hence, most notable bugs found where in other packages than those providing the autopkgtest. Paul
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature